Security

Learn about CSP, how it works, and why it's awesome. You will build a content security policy header from scratch and learn how to overcome the usual problems on the way.

Tabnabbing attacks enable a malicious website to suddenly redirect a legitimate page to the attacker's page. They can be an effective tool in phishing attacks, so let's see how you as the developer can safeguard your users from the attack.

In this article, you will learn about clickjacking attacks, how they work, how they can put your website users at risk, and how you can prevent it.

Learn everything about the fetch metadata headers and how you can implement isolation policies to defend against various client-side attacks.

Learn how man-in-the-middle attacks can put your website users in danger and how to prevent it.

Learn everything about HTTP cookie security, what are cookie-related attacks and how to defend against them.

Never be frustrated with CORS again. Learn what cross-origin resource sharing is, why it exists, and how to embrace it.

Learn why HTTPS is not enough to protect your website from network attacks and how the HSTS header comes in to solve the problem.

Learn about what the Same Origin Policy (SOP) is, and what it means for you, as a web developer.

Learn how SameSite cookies work and how they can protect against CSRF, XSS, XS-Leaks, and other vulnerabilities.

Are you leaking your users' sensitive data to malicious websites? Learn how xs-leaks work and how to prevent it in 7 steps.

An explanation of CSRF (Cross-Site Request Forgery) vulnerabilities and practical steps for avoiding them.

An explanation of XXE (XML External Entity) vulnerabilities and practical steps for avoiding them.

An in-depth explanation of SQL injection vulnerabilities and practical steps for avoiding them.

An in-depth explanation of XSS (Cross-Site Scripting) vulnerabilities and practical steps for avoiding them.